Windows Server 2025 Software Defined Datacenter: Networking Deployment Series (3/6)

Welcome to part three of our Networking Deployment Series for Windows Server 2025. In this deployment series, we look at Contoso Medical Center’s journey deploying and harnessing the power of Windows Server 2025 Software Defined Datacenter (SDDC) to build a next-generation environment for your VMs and applications.

So far, Contoso has:

• Part 1: Laid the foundation with consistent and automated host networking using Network ATC
• Part 2: Introduced proactive diagnostics and monitoring with Network HUD

Now, it’s time for Contoso to bring Software Defined Networking (SDN) into their production environment—and to do that, they need a control plane that is resilient, clustered, and enterprise-grade. That’s where Network Controller on Failover Cluster (NC on FC) comes in.

From Lab to Life-Support: Contoso’s Leap to Production-Ready SDN

As a medical center with 24/7 uptime requirements, Contoso can’t afford downtime on critical services. In the past, they explored SDN capabilities, but the VM-based deployment model didn’t meet their standards.  It required patching of the VMs, installation of Security agents, and a 45-minute installation time!

Now, with Windows Server 2025, Contoso can deploy Network Controller— the brains of SDN—on Windows Failover Cluster, unlocking the ability to run SDN production workloads in under 10 minutes, no VMs to patch, and so long as the hosts are patched, Network Controller is patched.

What Is Network Controller on Failover Cluster?

Network Controller is a key component in Windows Server SDN that:

• Provides top-tier VM network security such as Network Security Groups (NSGs) and Default Network Policies (DNP), i.e., No VM is ever left behind without a Network Security Group.
• As you onboard optional critical SDN services such as Virtual Networks, Software Load Balancer (SLBMUX) and Gateways, it ensures the goal state remains consistent and provides policy push to your hosts. 
• Maintains the intent of your software-defined network across hosts

With Failover Cluster support, Network Controller becomes:

• Highly available—if one node fails, another picks up instantly
• Stateful—configuration and operational state is replicated across nodes
• More secure and manageable—via new deployment flows in WAC and SDNExpress

How Contoso Deployed It

Using Windows Admin Center (WAC), Contoso’s IT team followed the Native SDN deployment experience:

1. Created a Failover Cluster with a minimum of two nodes
2. Selected SDN Infrastructure in Windows Admin Center > Native SDN
3. Validated cluster health with built-in diagnostics and event tracing
4. Integrated with Azure Arc for hybrid monitoring and policy enforcement as needed

The result? A resilient SDN control plane, ready for production.

Why This Matters for You

With NC on FC, you can:

• Deploy SDN in environments with uptime SLAs
• Ensure control plane resiliency in case of node failures
• Lay the groundwork for future SDN scale-out and multi-cluster scenarios
• Meet compliance and enterprise IT standards for critical infrastructure

Whether you’re managing workloads in healthcare, finance, retail, or government—high availability is non-negotiable. This enhancement in Windows Server 2025 SDN bridges that gap.

Compatibility & Tooling

Network Controller on Failover Cluster is supported in:

• Windows Server 2025 (Datacenter)
• Windows Admin Center (latest version)
• SDNExpress v2

For an in-depth deployment walkthrough, check out our step-by-step guide and demo video walk-through.

What’s Next?

With Network Controller now deployed in a VM-less model, Contoso Medical Center is ready to:

• Protect every VM workload with Network Security Groups (NSGs) (coming in Part 3)
• Use Tag-based Segmentation for medical workloads so that a new Admin and your compliance team can ensure every workload gets the right NSG! (coming in Part 3)
• Onboard new VMs with Default Network Policies (No VM left behind) (coming in part 3)
• …and eventually connect multiple sites using SDN Multisite (coming in Part 6)

Stay tuned for our next blog, where we show how SDN protects workloads with built-in VM policies and security enforcement—no agents, no extra products.

Try It Today

Interested in trying NC on Failover Cluster?
Check out the documentation: Windows Admin Center or SDNExpress
Check out the installation walk-through

Have feedback? Email us at edgenetfeedback@microsoft.com